This is a discussion on Mapping between CVE numbers and Solaris patches for CPU July 2010 - Solaris Rss ; In the July 2010 Critical Patch Update, per policy, Oracle no longer provided the mapping between CVE numbers and individual patches. As a result of customer input, Oracle will provide the CVE to individual patch mapping in the July 2010 ...

Mapping between CVE numbers and Solaris patches for CPU July 2010

In the July 2010 Critical Patch Update, per policy, Oracle no longer provided the mapping between CVE numbers and individual patches. As a result of customer input, Oracle will provide the CVE to individual patch mapping in the July 2010 Critical Patch Update. Oracle plans to reevaluate this policy in time for the October 2010 Critical Patch Update.

In order to ensure that Oracle's new policy meets the needs of its customers, Oracle is asking assistance from its Solaris customers in formulating the policy pertaining to the CVE to patch mapping disclosures. As such, I request that you contact me at derrick.scholl-AT-oracle-DOT-com, or via secalert_us@oracle.com to help Oracle understand the specific requirements of your organization.

Below is the mapping table between CVE numbers and Solaris patches. This information will also be available in the patch availability document referenced in the Critical Patch Update.